Drupal provides a good API for developing secure modules and sites, but mistakes happen and best practices are missed in the process of making deadlines. This session will cover popular and prevelant Drupal security risks on the web and how to write secure Drupal code.
Security risks on the web
Common vulnerabilities found in Drupal code
XSS, CSRF, Access Bypass
Automated tools to make your life easier
Ben Jeavons (drupal.org user coltrane) has been a contributor to the Drupal project since 2007, has written many modules including the security configuration audit tool, Security Review, and is a member of the Drupal Security Team.